Product release notes and scan results

Scan results on latest release

To verify the efficiency of new checkers, we routinely scan open-source projects with our latest releases. The statistics below show how many undefined behavior warning/error messages are reported for a few open-source projects.

Latest scan results (release R24.2.1)

NGINX

Errors and warnings:

Cppcheck Open-source: 21
Cppcheck Premium: 22

Python

Errors and warnings:

Cppcheck Open-source: 376
Cppcheck Premium: 402

MySQL

Errors and warnings:

Cppcheck Open-source: 3814
Cppcheck Premium: 4425

Bash

Errors and warnings:

Cppcheck Open-source: 51
Cppcheck Premium: 76

Product release notes

We release new versions of our software on a monthly basis. Please follow us on LinkedIn or subscribe to our RSS feed on SourceForge to ensure you don't miss any updates.

[2024-02-18] Cppcheck Premium 24.2.1

  • Cert C++: Include Cert C checkers specified by chapter 1.5 in Cert C++ standard.
  • Compliance reports: show suppressed rules
  • Misra C: improved checking of 13.2, 13.4, 16.3, 21.2, 21.24
  • Misra C++ 2008: fix 6-2-3 output
  • Misra C++ 2008: improve 4-10-2 checker
  • Fix misra-config false positives in sizeof() expressions
  • Speedup Misra C checking
  • Based on Cppcheck-2.13.4

[2024-02-05] Cppcheck Premium 24.2.0

  • Fix several false positives
  • Fix crash when source files listed in a project file do not exist
  • Fix problem running premiumaddon in GUI
  • Run all related style checkers in cppcheck when misra/cert/autosar is enabled.
  • GUI: make it possible to generate Cert C, Cert C++ and Misra C++ compliance reports
  • Compliance reports: show "unmapped" warnings/errors.
  • Better validation of command line arguments
  • Better handling of "--premium=safety" option.
  • Misra C: improved checking of 8.3, 10.8, 13.2, 13.4, 13.5, 15.5, 16.3, 17.3, 17.9, 17.13, 18.5, 18.8, 18.9, 21.1, 21.16
  • Misra C++ 2008: it was discovered that 2 checkers were missing: 0-3-2, 10-3-2. Implemented checkers for these.
  • Significant speedup in Misra C checking
  • Based on Cppcheck-2.13.3

[2023-12-30] Cppcheck Premium 23.12.0

  • Fix several false positives
  • Autosar: implement a0-1-6, a20-8-2, a20-8-3, a20-8-4, a20-8-5, a20-8-6, a21-8-1, a23-0-1, a25-1-1, a25-4-1, a26-5-1, a26-5-2, a27-0-1, a27-0-2, a27-0-4
  • Misra C: improved checking of many rules. False negatives identified by customers / users. 10.6, 13.1, 13.2, 13.3, 13.5, 13.6, 18.8, 20.3, 21.1
  • Misra C++ 2008: Implemented all remaining checkers.
  • Based on Cppcheck-2.13.

[2023-09-28] Cppcheck Premium 23.9.0

  • New option: --premium=misra-c-2023
  • Report invalidLicense with severity error to ensure it is shown
  • Fix several crashes
  • Fix several false positives
  • Autosar: implement a4-7-1
  • Based on Cppcheck-2.12.1

[2023-06-30] Cppcheck Premium 23.6.0

  • Misra C 2012 Amendment #3 checks
  • Misra C 2012 Amendment #4 checks
  • Misra C 2023
  • Improved checking for unreachable code
  • Improved checking for unread variables (https://trac.cppcheck.net/ticket/9819)
  • Improved checking when overflowing pointer you get from address-of
  • Improved checking of bitwise operations (suspicious operands)

[2023-06-23] Cppcheck Open-Source 2.11

New checks:

  • pop_back on empty container is UB

Improved checking:

  • Improve useStlAlgorithm check to handle many more conditions in the loop for any_of, all_of and none_of algorithms
  • ValueFlow can evaluate the return value of functions even when conditionals are used
  • ValueFlow will now forward the container sizes being returned from a function
  • ValueFlow can infer possible values from possible symbolic values
  • Improve valueflow after pushing to container

GUI:

  • The platform type 'Unspecified' within .cppcheck projects has been deprecated and will be removed in Cppcheck 2.14. Please use 'unspecified' instead.
  • Do not replace relative paths with absolute paths in suppressions in the project file dialog

Interface:

  • The new option --check-level=<level> has been added that controls how much checking is made by Cppcheck. The default checking level is "normal". If you feel that you can wait longer on results you can use --check-level=exhaustive.
  • It is no longer necessary to run "--check-config" to get detailed "missingInclude" and "missingIncludeSystem" messages. They will always be issued in the regular analysis if "missingInclude" is enabled.
  • "missingInclude" and "missingIncludeSystem" are reported when "-j" is > 1 and processes are used in the backend (default in non-Windows binaries)
  • "missingInclude" and "missingIncludeSystem" will now cause the "--error-exitcode" to be applied
  • "--enable=information" will no longer implicitly enable "missingInclude" starting with 2.16. Please enable it explicitly if you require it.
  • The constParameter and constVariable checks have been split into 3 different IDs based on whether the variable is a pointer, a reference, or local. The different IDs will allow users to suppress different const warnings based on variable type.
    • constParameter
    • constParameterReference
    • constParameterPointer
    • constVariable
    • constVariableReference
    • constVariablePointer
  • More command-line parameters will now check if the given integer argument is actually valid. Several other internal string-to-integer conversions will now be error checked.
  • scanning projects (with -j1) will now defer the analysis of markup files until the whole code was processed

[2023-05-30] Cppcheck Premium 23.5.0

  • suspicious loss of precision in assignment / cast
  • buffer overflow when there is a buffer with offset
  • redundant reassignment in loop

[2023-04-16] Cppcheck Premium 23.4.0

  • Refactoring CERT C++ checking. There is now full Cert C++ coverage with --premium=cert-c++-2016; other premium flags are not needed.
  • Implemented new checking for Cert C++ STR53 and CTR50
  • Implement Misra C++ 6-6-3
  • Implement Misra C++ 6-6-5
  • Implement Misra C++ 7-3-5
  • Implement Misra C++ 7-5-3
  • Implement Misra C++ 10-1-2
  • Implement Misra C++ 10-1-3
  • Implement Misra C++ 14-5-1
  • Implement Misra C++ 14-5-2
  • Implement Misra C++ 14-6-1
  • Implement Misra C++ 14-7-1
  • Implement Misra C++ 14-7-2
  • Improved license registration

[2023-02-26] Cppcheck Premium 23.2.2

  • Bugfixes in AUTOSAR and CERT checking

[2023-02-20] Cppcheck Premium 23.2.0

  • Finished CERT C++, all rules are now checked.
  • Fixed autosar/misra c++ false positives.
  • Based on open-source 2.10

[2023-01-28] Cppcheck Open-Source 2.10

Analysis:

  • Many improvements and fixes in checkers.
  • Windows binaries currently default to the "win32A" and "win64" platform respectively. Starting with Cppcheck 2.13 they will default to 'native' instead. Please specify '--platform=win32A' or '--platform=win64' explicitly if you rely on this.
  • New check: use memset/memcpy instead of loop

CLI:

  • if the file provided via "--file-list" cannot be opened it will now error out
  • add command-line option "--disable=" to individually disable checks

GUI:

  • Detect when installed version is old. There is a setting in Edit/Preferences to turn this on.
  • Fix path issue with backslashes
  • Cleanup *.ctu-info files after analysis

Build:

  • the deprecated Makefile option SRCDIR is no longer accepted
  • added CMake option BUILD_CORE_DLL to build lib as cppcheck-core.dll with Visual Studio

[2022-12-19] Cppcheck Premium 22.12.3

Fixed noise in the Misra C++ checking

New Cert C++ checkers:

  • DCL53: Do not write syntactically ambiguous declarations
  • CTR52: Guarantee that library functions do not overflow
  • EXP50: Do not depend on the order of evaluation for side effects

[2022-12-06] Cppcheck Premium 22.12.1

Improved checking for uninitialized variables.

New Cert C++ checkers:

  • DCL51: Do not declare or define a reserved symbol
  • DCL56: Avoid cycles during initialization of static objects
  • ERR50: Do not abruptly terminate the program
  • ERR55: Honor exception specifications
  • ERR58: Handle all exceptions thrown before main()
  • ERR56: Guarantee exception safety
  • CON53-CPP: Avoid deadlock by locking in a predefined order

[2022-11-21] Cppcheck Premium 22.11.2

Bug fix release

[2022-11-13] Cppcheck Premium 22.11.1

New checks:

  • Check pointer casts
  • Bughunting checking for uninitialized variables and data
  • Cert C++: DCL52: Never qualify a reference type with const
  • Cert C++: CTR53: Use valid iterator ranges
  • Cert C++: EXP56: Do not call a function with a mismatched language linkage
  • Cert C++: CTR57: Provide a valid ordering predicate
  • Cert C++: ERR53: Do not reference base classes or class data members in a constructor or destructor function-try-block handler
  • Cert C++: CON56: Do not speculatively lock a non-recursive mutex that is already owned by the calling thread
  • Cert C++: CON51: Ensure actively held locks are released on exceptional conditions
  • Cert C++: CON52: Prevent data races when accessing bit-fields from multiple threads
  • Cert C++: CON55: Preserve thread safety and liveness when using condition variables
  • Cert C++: CON50: Do not destroy a mutex while it is locked
  • Cert C++: CON54: Wrap functions that can spuriously wake up in a loop
  • Cert C++: EXP57: Do not cast or delete pointers to incomplete types
  • Cert C++: EXP55: Do not access a cv-qualified object through a cv-unqualified type
  • Cert C++: DCL58: Do not modify the standard namespaces
  • Cert C++: DCL54: Overload allocation and deallocation functions as a pair in the same scope
  • Cert C++: ERR61: Catch exceptions by lvalue reference
  • Cert C++: ERR52: Do not use setjmp() or longjmp()

Upgrades

  • The GUI can check for updates at startup. Open the Preferences dialog and ensure "Check for updates" is activated.
  • Linux: We have created an APT repository; if you configure and use it, Cppcheck Premium will be automatically upgraded during normal system upgrades.

[2022-10-08] Cppcheck Premium 22.10.0

Analysis

  • Detect more uninitialized variable usage bugs
  • Detect more infinite loops
  • Additional Cert C++ checkers (ERR62, EXP51, EXP58, EXP59, FIO51, INT50, MEM52, MEM53, MEM54, MEM55, MSC50, MSC51, MSC53, MSC54, OOP51, OOP55, OOP56, OOP57, STR50)
  • Fixed several crashes
  • Reduced memory usage

[2022-08-28] Cppcheck Open-Source 2.9

Analysis

  • restored check for negative allocation (new[]) and negative VLA sizes from cppcheck 1.87 (LCppC backport)
  • replaced hardcoded check for pipe() buffer size by library configuration option (LCppC backport)
  • on Windows the callstack is now being written to the output specified via "--exception-handling"
  • make it possible to disable the various exception handling parts via the CMake options "NO_UNIX_SIGNAL_HANDLING", "NO_UNIX_BACKTRACE_SUPPORT" and "NO_WINDOWS_SEH"
  • detect more redundant calls of std::string::c_str(), std::string::substr(), and unnecessary copies of containers
  • Add a match function to addon similar to Token::Match used internally by cppcheck:
    • | for either-or tokens (i.e. struct|class to match either struct or class)
    • !! to negate a token
    • It supports the %any%, %assign%, %comp%, %name%, %op%, %or%, %oror%, and %var% keywords
    • It supports (*), {*}, [*], and <*> to match links
    • @ can be added to bind the token to a name
    • ** can be used to match until a token
  • Add math functions which can be used in library function definition. This enables evaluation of more math functions in ValueFlow
  • Further improve lifetime analysis with this pointers
  • Propagate condition values from outer function calls
  • Add debug intrinsics debug_valueflow and debug_valuetype to show more detail including source backtraces

Cppcheck Premium

  • GUI: Additional options to configure the Autosar, Cert C and Misra C++ coding standards
  • Command line: A --premium option that is used to provide premium options

[2022-07-13] Cppcheck Premium R22.7.1

  • Bug fix: Fixed crash during whole program analysis
  • Bug fix: Fixed suppression of unmatchedSuppression

[2022-07-08] Cppcheck Premium R22.7.0

  • Fix: Expected premium warnings were not shown
  • Bug fix: Fixed crash in cppcheck when addons fail
  • Bug fix: Fix syntax error

[2022-05-31] Cppcheck Premium R22.5.0

  • Cert check: con33: Avoid race conditions when using library functions
  • Cert check: con36: Wrap functions that can spuriously wake up in a loop
  • Cert check: con37: Do not call signal() in a multithreaded program
  • Cert check: con41: Wrap functions that can fail spuriously in a loop
  • Cert check: env31: Do not rely on an environment pointer following an operation that may invalidate it
  • Cert check: env33: Do not call system()
  • Cert check: exp36: Do not cast pointers into more strictly aligned pointer types
  • Cert check: exp37: Call functions with the correct number and type of arguments
  • Cert check: exp39: Do not access a variable through a pointer of an incompatible type
  • Cert check: exp40: Do not modify constant objects
  • Cert check: exp42: Do not compare padding data
  • Cert check: exp43: Avoid undefined behavior when using restrict-qualified pointers
  • Cert check: fio34: Distinguish between characters read from a file and EOF or WEOF
  • Cert check: fio38: Do not copy a FILE object
  • Cert check: fio41: Do not call getc(), putc(), getwc(), or putwc() with a stream argument that has side effects
  • Cert check: fio45: Avoid TOCTOU race conditions while accessing files
  • Cert check: msc30: Do not use the rand() function for generating pseudorandom numbers
  • Cert check: msc32: Properly seed pseudorandom number generators
  • Cert check: msc33: Do not pass invalid data to the asctime() function
  • Cert check: pre31: expression with side effects is repeated in expanded macro
  • Cert check: str38: Do not confuse narrow and wide character strings and functions
  • Cert check: sig34: Do not call signal() from within interruptible signal handlers

[2022-04-19] Cppcheck Premium R22.4.1

  • CERT check: dcl38: Use the correct syntax when declaring a flexible array member
  • CERT check: dcl39: Avoid information leakage when passing a structure across a trust boundary
  • CERT check: dcl40: Do not create incompatible declarations of the same function or object
  • CERT check: dcl41: Do not declare variables inside a switch statement before the first case label
  • CERT check: exp45: Do not perform assignments in selection statements
  • CERT check: flp30: Do not use floating-point variables as loop counters
  • CERT check: flp36: loss of precision
  • CERT check: flp37: Do not use object representations to compare floating-point values
  • CERT check: int34: shift negative / too many bits
  • CERT check: str31: Guarantee that storage for strings has sufficient space for character data and the null terminator
  • CERT check: str32: Passing string that is not null terminated to function

[2022-04-01] Cppcheck Premium R22.4.0

  • Fixed computer id when some MAC addresses are changing
  • New check: cover all rules in CERT C 2016 chapter "9 Memory Management (MEM)"

[2022-03-15] Cppcheck Premium R22.3.0

  • Bug fixes

[2022-02-27] Cppcheck Premium R22.2.2

  • New check: cover all rules in CERT C 2016 chapter "7 Array (ARR)"
  • Improve check: Deeper checking for MISRA C 2012 rule 17.2

[2022-02-14] Cppcheck Premium R22.2.1

  • Based on Cppcheck-2.7
  • Linux: self registration script
  • New check: void function should have side effects
  • New check: Unused private member variables
